Merge branch 'main' into vale-release-notes

Author: natasha-moore-elastic

deploy-manage/deploy/_snippets/tpec.md

@@ -1,3 +1,3 @@
-The {{ecloud}} Terraform provider allows you to provision and manage {{ech}} and {{ece}} deployments as code, and introduce DevOps-driven methodologies to manage and deploy the {{stack}} and solutions.
+The {{ecloud}} Terraform provider allows you to provision and manage {{serverless-full}} projects, {{ech}} and {{ece}} deployments as code, and introduce DevOps-driven methodologies to manage and deploy the {{stack}} and solutions.
 
-To get started, see the [{{ecloud}} Terraform provider documentation](https://registry.terraform.io/providers/elastic/ec/latest/docs).
+To get started, review the [{{ecloud}} Terraform provider documentation](https://registry.terraform.io/providers/elastic/ec/latest/docs) and [{{ecloud}} Terraform GitHub repository](https://github.com/elastic/terraform-provider-ec) for more guidance.

deploy-manage/deploy/cloud-enterprise/post-installation-steps.md

@@ -18,6 +18,12 @@ To start creating {{es}} deployments directly, refer to [](./working-with-deploy
 
 * Add your own [load balancer](./ece-load-balancers.md). Load balancers are user supplied and we do not currently provide configuration steps for you.
 
+* [Add more capacity](/deploy-manage/maintenance/ece/scale-out-installation.md) to your ECE installation, [resize your deployment](./resize-deployment.md), [upgrade to a newer {{es}} version](/deploy-manage/upgrade/deployment-or-cluster/upgrade-on-ece.md), and [add some plugins](./add-plugins.md).
+
+* [Configure ECE system deployments](./system-deployments-configuration.md) to ensure a highly available and resilient setup.
+
+* [Configure ECE for deployment templates](./configure-deployment-templates.md) to indicate what kind of hardware you have available for {{stack}} deployments.
+
 * In production systems, add your own [Cloud UI and Proxy certificates](../../security/secure-your-elastic-cloud-enterprise-installation/manage-security-certificates.md) to enable secure connections over HTTPS. The proxy certificate must be a wildcard certificate signed for the needed DNS records of your domain.
 
   ::::{note}
@@ -32,19 +38,21 @@ To start creating {{es}} deployments directly, refer to [](./working-with-deploy
   For example, if your proxy certificate is signed for `*.elastic-cloud-enterprise.example.com` and you have a wildcard DNS register pointing `*.elastic-cloud-enterprise.example.com` to your load balancer, you should configure `elastic-cloud-enterprise.example.com` as the **deployment domain name** in Platform → Settings. Refer to [](./change-endpoint-urls.md) for more details.
   ::::
 
-* If you received a license from Elastic, [manage the licenses](../../license/manage-your-license-in-ece.md) for your {{ece}} installation.
+* [Add a snapshot repository](../../tools/snapshot-and-restore/cloud-enterprise.md) to enable regular backups of your {{es}} clusters.
 
 * [Add more platform users](../../users-roles/cloud-enterprise-orchestrator/manage-users-roles.md) with role-based access control.
 
-* [Add a snapshot repository](../../tools/snapshot-and-restore/cloud-enterprise.md) to enable regular backups of your {{es}} clusters.
-
 * Consider enabling encryption-at-rest (EAR) on your hosts.
 
   :::{{note}}
   Encryption-at-rest is not implemented out of the box in {{ece}}. [Learn more](/deploy-manage/security/secure-your-elastic-cloud-enterprise-installation.md#ece_encryption).
   :::
 
-* Learn about common maintenance activities—such as adding capacity, applying OS patches, and addressing host failures--at [](../../maintenance/ece.md).
+* Set up [traffic filters](/deploy-manage/security/network-security.md) to restrict traffic to your deployment to only trusted IP addresses or VPCs.
+
+* Learn how to work around host maintenance or a host failure by [moving nodes off of an allocator](/deploy-manage/maintenance/ece/move-nodes-instances-from-allocators.md). For an overview of common ECE maintenance activities, refer to [ECE maintenance](../../maintenance/ece.md).
+
+* If you received a license from Elastic, [manage the licenses](../../license/manage-your-license-in-ece.md) for your {{ece}} installation.
 
 ::::{warning}
 During installation, the system generates secrets that are placed into the `/mnt/data/elastic/bootstrap-state/bootstrap-secrets.json` secrets file, unless you passed in a different path with the --host-storage-path parameter. Keep the information in the `bootstrap-secrets.json` file secure by removing it from its default location and placing it into a secure storage location.

deploy-manage/deploy/elastic-cloud/tools-apis.md

@@ -96,12 +96,7 @@ serverless: unavailable
 :::
 
 
-## Provision deployments with Terraform
-```{applies_to}
-deployment:
-  ess: ga
-serverless: unavailable
-```
+## Provision projects and deployments with Terraform
 
 :::{include} /deploy-manage/deploy/_snippets/tpec.md
 :::

deploy-manage/distributed-architecture/discovery-cluster-formation.md

@@ -8,7 +8,7 @@ products:
 ---
 
 ::::{important}
-The information provided in this section is applicable to all deployment types. However, the configuration settings detailed here are only valid for self-managed {{es}} deployments. For {{ecloud}} and {{serverless-full}} deployments this seciton should only be used for general information.
+The information provided in this section is applicable to all deployment types. However, the configuration settings detailed here are only valid for fully self-managed {{es}} deployments. For ECE, ECK, and ECH deployments, this section should only be used for general information and troubleshooting.
 ::::
 
 # Discovery and cluster formation [modules-discovery]

deploy-manage/monitor/_snippets/autoops-cc-regions.md

@@ -1,7 +1,12 @@
 | Region | Name |
 | --- | --- | 
+| us-east-1 | US East (N. Virginia) |
 | us-east-2 | US East (Ohio) |
+| us-west-2 | US West (Oregon) |
 | eu-west-1 | EU (Ireland) |
+| eu-west-2 | Europe (London) |
+| eu-central-1 | Europe (Frankfurt) |
 | ap-northeast-1 | Asia Pacific (Tokyo) |
+| ap-southeast-1 | Asia Pacific (Singapore) |
 
 More regions are coming soon.

deploy-manage/monitor/autoops/cc-autoops-as-cloud-connected.md

@@ -12,7 +12,7 @@ products:
 
 # AutoOps for self-managed clusters
 
-For ECE ({{ece}}), ECK ({{eck}}), and self-managed {{es}} clusters, AutoOps can be set up in all supported [regions](ec-autoops-regions.md#autoops-for-self-managed-clusters-regions) through [Cloud Connect](/deploy-manage/cloud-connect.md). More regions are coming soon.
+For ECE ({{ece}}), ECK ({{eck}}), and self-managed {{es}} clusters, AutoOps can be set up through [Cloud Connect](/deploy-manage/cloud-connect.md).
 
 Cloud Connect enables users of ECE, ECK, and self-managed clusters to use {{ecloud}} services. This means you can take advantage of the simplified cluster monitoring, real-time issue detection, and performance recommendations of AutoOps without having to run and manage the underlying infrastructure.
 

deploy-manage/monitor/autoops/cc-connect-self-managed-to-autoops.md

@@ -211,7 +211,7 @@ If you manually assign privileges, you won't be able to allow {{agent}} to acces
 
 :::::
 * **System architecture**: Select the system architecture of the machine running the agent.
-* **Metrics storage location**: Select where to store your metrics data from the list of available AWS regions.
+* **Metrics storage location**: Select where to store your metrics data from the list of available AWS regions:
 
   :::{include} ../_snippets/autoops-cc-regions.md
   :::

deploy-manage/monitor/autoops/ec-autoops-faq.md

@@ -43,7 +43,7 @@ Whether you are using AutoOps in your [{{ech}} deployment](/deploy-manage/monito
 * [Do I have to define an Elastic IP address to enable the agent to send data to {{ecloud}}?](#elastic-ip-address)
 
 **Collected metrics and data in AutoOps for self-managed clusters**
-* [Where are metrics stored in AutoOps for self-managed clusters?](#autoops-metrics-storage)
+* [Where are metrics stored in AutoOps for self-managed clusters?](#sm-autoops-metrics-storage)
 * [What information does {{agent}} gather from my cluster?](#extracted-info)
 * [How does AutoOps gather data from my cluster and ensure its security?](#data-gathering)
 * [Can I view the data gathered by {{agent}}?](#data-viewing-config)
@@ -91,7 +91,7 @@ $$$additional-payment$$$ **Does AutoOps for self-managed clusters incur addition
 $$$autoops-metrics-cost$$$ **Does shipping metrics data to {{ecloud}} incur additional costs?**
 :   Elastic does not charge extra for this service, but your cloud service provider (CSP) might. When sending metrics data from your cluster in a CSP region to {{ecloud}}, shipping costs are determined by your agreement with that CSP. 
 
-    You can [choose the CSP region where your data is stored](/deploy-manage/monitor/autoops/ec-autoops-regions.md#autoops-for-self-managed-clusters-regions).
+    You can [choose the CSP region where your data is stored](#sm-autoops-metrics-storage).
 
 $$$deployment-types$$$ **Which deployment types can be connected to AutoOps through Cloud Connect?**
 :   You can connect to AutoOps on a standalone {{stack}}, ECE ({{ece}}), or ECK ({{eck}}) deployment, both on-premise and in private cloud environments.
@@ -117,7 +117,7 @@ $$$elastic-ip-address$$$ **Do I have to define an Elastic IP address to enable t
 
 ### Collected metrics and data in AutoOps for self-managed clusters
 
-$$$autoops-metrics-storage$$$ **Where are metrics stored in AutoOps for self-managed clusters?**
+$$$sm-autoops-metrics-storage$$$ **Where are metrics stored in AutoOps for self-managed clusters?**
 :   You can choose where to store your metrics from the following AWS regions:
 
     :::{include} ../_snippets/autoops-cc-regions.md

deploy-manage/monitor/autoops/ec-autoops-regions.md

@@ -5,14 +5,9 @@ navigation_title: Regions
 applies_to:
   serverless:
   deployment:
-    self:
-    ece:
-    eck:
     ess: all
 products:
   - id: cloud-hosted
-  - id: cloud-kubernetes
-  - id: cloud-enterprise
 ---
 
 # AutoOps regions [ec-autoops-regions]
@@ -73,14 +68,3 @@ AutoOps for {{serverless-short}} is set up and enabled automatically in the foll
 The only exception is the **Search AI Lake** view, which is available in all CSP regions across AWS, Azure, and GCP.
 
 Learn how to [access](/deploy-manage/monitor/autoops/access-autoops-for-serverless.md) AutoOps in your {{serverless-short}} project.
-
-## AutoOps for self-managed clusters regions
-
-You can also use AutoOps with your ECE ({{ece}}), ECK ({{eck}}), or self-managed clusters through [Cloud Connect](/deploy-manage/cloud-connect.md). 
-
-This service is currently available in the following regions for AWS:
-
-:::{include} ../_snippets/autoops-cc-regions.md
-:::
-
-Learn how to [set up](/deploy-manage/monitor/autoops/cc-connect-self-managed-to-autoops.md) AutoOps in your ECE, ECK, or self-managed cluster.

deploy-manage/remote-clusters/ece-enable-ccs.md

@@ -32,8 +32,18 @@ To use CCS or CCR, your environment must meet the following criteria:
   :::{include} _snippets/remote-cluster-certificate-compatibility.md
   :::
 
-* Proxies must answer TCP requests on the port 9400. Check the [prerequisites for the ports that must permit outbound or inbound traffic](../deploy/cloud-enterprise/ece-networking-prereq.md).
-* Load balancers must pass-through TCP requests on port 9400. Check the [configuration details](../deploy/cloud-enterprise/ece-load-balancers.md).
+* ECE proxies must answer TCP requests on the port used by the selected [security model](./security-models.md):
+  * `9400` when using TLS certificate–based authentication (deprecated).
+  * `9443` when using API key–based authentication.
+  
+  For details, refer to the [remote cluster security models](./security-models.md) documentation and [ECE networking prerequisites](/deploy-manage/deploy/cloud-enterprise/ece-networking-prereq.md).
+
+* Load balancers must pass through TCP requests on the port that corresponds to the security model:
+  * `9400` for TLS certificate–based authentication (deprecated).
+  * `9443` for API key–based authentication.
+
+  For configuration details, refer to the [ECE load balancer requirements](../deploy/cloud-enterprise/ece-load-balancers.md).
+
 * If your deployment was created before ECE version `2.9.0`, the Remote clusters page in {{kib}} must be enabled manually from the **Security** page of your deployment, by selecting **Enable CCR** under **Trust management**.
 
 ::::{note}
@@ -62,4 +72,4 @@ The steps, information, and authentication method required to configure CCS and
 
 ## Remote clusters and network security [ece-ccs-ccr-network-security]
 
-If you have [network security policies](/deploy-manage/security/network-security-policies.md) applied to the remote cluster, you might need to take extra steps on the remote side to allow traffic from the local cluster. Some remote cluster configurations have limited compatibility with network security. To learn more, refer to [Remote clusters and network security](/deploy-manage/remote-clusters.md#network-security).
+If you have [network security policies](/deploy-manage/security/network-security-policies.md) applied to the remote cluster, you might need to take extra steps on the remote side to allow traffic from the local cluster. Some remote cluster configurations have limited compatibility with network security. To learn more, refer to [Remote clusters and network security](/deploy-manage/remote-clusters.md#network-security).